2. Sometimes this is caused by caching problems with one's browser, where certain cached pages and/or saved cookie data stop working. I've seen this in Firefox and IE over the years, so I would not be surprised if Chrome had similar issues. Clear everything and see if things improve,

3. Sometimes this is caused by issues server-side pertaining to PHP sessions, which on the new server are dropped into /tmp. The "garbage collector" (gc) may also periodically pick them up/nuke them, although the rate at which it does is fairly low (less aggressive than Parodius):

Note to anyone looking at those and wanting to make some remark: say nothing until you go look at and fully read the PHP documentation for the settings in question.

4. This topic has come up more than once over the years. In most cases it has turned out to be certain user behaviour or oddities like those I've mentioned above,

5. Troubleshooting this is surprisingly difficult,

6. I haven't seen this problem even once, in all the years I've been using the site -- except for one situation: during the server migration/move, and that was easily explained (the FQDN associated with the site (thus cookie) changed, thus understandably confusing the hell out of browsers). However I only access the forum from one place (my home PC).

Are you logging in and out on another device? On a lot of sites, if you click "log out", the site ends all active sessions associated with your user account.

Nope. And moreover, on phpBB that doesn't seem to be the case. And this has happened for several days, on many of which I've definitely not logged in from multiple devices.

koitsu wrote:

2. Sometimes this is caused by caching problems with one's browser, where certain cached pages and/or saved cookie data stop working. I've seen this in Firefox and IE over the years, so I would not be surprised if Chrome had similar issues. Clear everything and see if things improve,

Clearing all cookies from *nesdev.com domain(s) was the first thing I tried when this occurred. No luck.

I guess it might be caused by an update of Chrome. Or something. Anyway, it's not a huge deal. I just thought I'd post in case somebody else was seeing the same problem.

This is happening to me too. It first started a few days ago (I think the same day that thefox reported it), on both my PC and iPhone. Since then, it's happened a couple of times on my PC, but my iPhone has stayed logged on.

As you can see, phpbb3_6cazq_k got cleared, phpbb3_6cazq_u got reset to a different value, and the session ID also was reset. This makes me think that the server had already purged the session before I opened the site today.

What's strange though is the "Who is online" list. Maybe it's managed separately from the sessions...

I'm sorry I can't help a lot with this issue (it'd be easier if I was experiencing it myself), but if it's believed to be a phpBB (forum software) bug, we use 3.0.10 right now and 3.0.11 is the latest. Here's the changelog:

If the issue is believed to be with PHP, the PHP version used is 5.3.15. The latest is 5.5.3, and if there was a place that was most likely responsible for this, it'd be in the sessions module or (remote possibility) the core.

My gut feeling is that it's some kind of phpBB "thing", since server-side I don't really see anything that indicates an issue, but it's hard for me to diagnose this (as said, can't really help with that). I did find this:

What's described here is vague/weird -- the settings are actually under the General tab, under Server Configuration / Load Settings. I've attached two screenshots (01.jpg and 02.jpg) showing what we have these set to. I've also included a screenshot of the Cookie Settings section since some of what thefox mentioned above is referenced there.

Keep in mind two things when looking at these screenshots (but please keep reading):

1) The session timeout value shown is just an indicator of how long you can be actively logged in before the board will automatically log you out. If you are a person who leave a tab open at all times here at the forum, then yes, my understanding is that you will be getting logged out after 3600 seconds of not interacting with the site anywhere; this is by design. Increasing this number might sound like a reasonable thing to do, but then again it may not be a wise thing to do. For example if someone is leaving the browser window/tab to the site open for an entire day, then the number would have to be increased to 60*60*24 = 86400 seconds or thereabouts. I would much rather people just close the damn tab/window when they're done. (I actually generally do not have to re-log-in very often on my setup, it's quite rare, but I also do not use tabs and I do not leave browser windows open indefinitely; I always [X] out of things when I'm done)

2) The settings shown there are phpBB-specific and not PHP-specific; PHP has its own types of control over sessions as well (specifically the GC cleaning up old files, etc.). So these two things require a somewhat "balanced" series of settings that match up well and don't conflict with one another.

Where someone states up front that the "session IP validator" basically looks at the network block you're part of, and requires a session to be valid only if the client IP connecting is within the same /24 (this would be a security measure). So, if your ISP is doing something like NAT'ing your outbound connections to the forum (usually done at workplaces for lots of reasons, but also for load balancing), and the connecting client IP could therefore flip in real-time from 1.2.3.4 to 1.2.9.16 (for example) then I can see this causing a person who was active on the forum to suddenly log out. Remember, this is not your "workstation IP address", this is actually what gets seen IP-address-wise on the nesdev server.

The settings we use permit the last octet to float/change (i.e. the A.B.C method), as indicated in the 03.jpg screenshot. I am happy to try changing this to something else ("None" possibly), but I would much rather not if the root cause can be determined.

But as you can see, there are other security measures phpBB has in place (and some I have blacked out in the screenshot because we do know spammers/etc. show up here and this is not the Moderators board so these posts/this information is public) to also "verify" that the client connecting is who it says it is -- specifically "validating the browser" (probably comparing User-Agent strings), handling situations where the browser (HTTP client) includes the X-Forwarded-For header (this is often use by caching proxies, so if you're at a workplace that uses an HTTP proxy server then this header might be included and your web browser wouldn't be sending it, the proxy server would -- the only way for us to see this would be to use tcpdump on the server, which I cannot do) and also referer validation.

Basically my point here is that there's lots of "stuff" that could cause this to go awry for someone, and troubleshooting it requires familiarity with all the aforementioned things, plus requires that the troubleshooting be done in real-time. For example I cannot go back and look at site (Apache) access logs to track down thefox -- username/etc. is not stored anywhere in the logs, so all I could go off of is IP address, but as I said above if the IP address is shifting around a lot then my greps/etc. are going to be wrong/incorrect (the site gets hit a *lot*).

The best I can do is try to get exact timestamps from you (please include timezone, or if you can just give me UTC timestamps that would make my job much much easier (server log timestamps are in UTC)) when you see the issue start, along with the exact time you had to re-log-in, and I try to figure out if it's the session IP validator that's causing it. I've already grepped through logs and there just isn't enough information to key off of there (no way to correlate an access to a username).

Welcome to The Internet(tm) and Web Crap of today, and what we SAs have to deal with all the time.

Where someone states up front that the "session IP validator" basically looks at the network block you're part of, and requires a session to be valid only if the client IP connecting is within the same /24 (this would be a security measure). So, if your ISP is doing something like NAT'ing your outbound connections to the forum (usually done at workplaces for lots of reasons, but also for load balancing), and the connecting client IP could therefore flip in real-time from 1.2.3.4 to 1.2.9.16 (for example) then I can see this causing a person who was active on the forum to suddenly log out. Remember, this is not your "workstation IP address", this is actually what gets seen IP-address-wise on the nesdev server.

The settings we use permit the last octet to float/change (i.e. the A.B.C method), as indicated in the 03.jpg screenshot. I am happy to try changing this to something else ("None" possibly), but I would much rather not if the root cause can be determined.

I'm 99% certain this is not the cause of it because I have a static IP address.

I'm going to try Firefox for a couple of days to see if the same problems occur with it too.

The problem doesn't occur on Firefox. So probably a recent update of Chrome changed something that causes phpBB to invalidate the session (maybe the User-Agent changes ever so slightly (that would be strange, though), or something...)

A few days ago I said I wasn't experiencing this problem... well, I am now. I get logged out almost every day. Chrome has updated itself recently, so I suspect that there's something up with that, like thefox suggested.

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot post attachments in this forum